• For the fresh install to enable Full WAF given the option Litespeed (recommended).

    Different hosting providers use Apache, NGINX etc.

    When should the Litespeed (recommended) option be selected?

Viewing 15 replies - 1 through 15 (of 18 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Only when running Litespeed or Openlitespeed.
    Check with the troubleshooter script, you should see it in the PHP_SAPI field.

    The hosting company uses Apache with PHP but it utilizes the PHP Litespeed API (LSAPI) which does not read or respect the php.ini. Despite the Ninja directive in the .htaccess full WAF doesn’t get enabled. So they have recommended to use another security plugin https://wordpress.org/plugins/wp-cerber.

    I had emphasized the importance of the Ninja WAF, and that its lightweight and resides between WordPress and the attacker, as the firewall loads first before WordPress. Their response was the feature is redundant since they have ModSecurity through Imunify360 as a WAF already.

    They have also asked me to clarify PHP7 as this only implies software version not the PHP handler.

    Kindly advise.

    Plugin Author nintechnet

    (@nintechnet)

    Did you try other alternatives during the Full WAF installation such as “Apache + PHP7 module”?

    Yes. Apache + PHP7 module also didn’t work.

    Plugin Author nintechnet

    (@nintechnet)

    Did your host confirm that you can use the auto_prepend_file directive in a .htaccess or not? It looks like you can’t.

    The hosting said that they are running servers on CloudLinux OS with the Litespeed handler and that it’s absolutely normal to define php values in the .htaccess. The below code is already in the .htaccess.

    `# BEGIN NinjaFirewall
    <IfModule mod_php7.c>
    php_value auto_prepend_file /home/website/public_html/wp-content/nfwlog/ninjafirewall.php
    </IfModule>
    # END NinjaFirewall

    Plugin Author nintechnet

    (@nintechnet)

    Can you try to remove the <IfModule mod_php7.c> and </IfModule> lines and test again? Make sure you have FTP access so that if the site crashed you could undo the modification.

    Also, did you run the troubleshooter script?

    Removed the lines you mentioned but to no avail. In fact the directive doesn’t get created in the .htaccess file.

    Results of the troubleshooter script:

    HTTP server : Apache
    PHP version : 7.3.18
    PHP SAPI : LITESPEED

    auto_prepend_file : none
    wp-config.php : found in /home/site/public_html/wp-config.php
    NinjaFirewall detection : NinjaFirewall WP Edition is loaded (WordPress WAF mode)

    Loaded INI file : /opt/alt/php73/etc/php.ini
    user_ini.filename : .user.ini
    user_ini.cache_ttl : 300 seconds
    User PHP INI : none found

    DOCUMENT_ROOT : /home/site/public_html
    ABSPATH : /home/sitesm/public_html/
    WordPress version : 5.4.2
    WP_CONTENT_DIR : /home/site/public_html/wp-content
    Plugins directory : /home/site/public_html/wp-content/plugins
    User Role : Unknown role (or user not logged in)
    User Capabilities : Error: missing manage_options capability – Error: missing unfiltered_html capability
    Make sure you are logged in to WordPress before running this script.
    Log dir permissions : /home/sitesm/public_html/wp-content/nfwlog dir is writable
    Cache dir permissions : /home/sitesm/public_html/wp-content/nfwlog/cache dir is writable

    Plugin Author nintechnet

    (@nintechnet)

    Can you try to add another directive to the .htaccess and see if it works? For instance:
    php_value upload_max_filesize 50M

    Then check with a phpinfo() script if the value of upload_max_filesize is set to 50M.

    • This reply was modified 1 month, 2 weeks ago by nintechnet.

    The hosting has already set by default php_value upload_max_filesize to 512M.

    Plugin Author nintechnet

    (@nintechnet)

    If other directives work, then it means auto_prepend_file is disabled or there’s something wrong with the PHP interpreter.
    I don’t think you could run NF in Full WAF mode on that host.

    Will pass on your details to the host. Let’s see what they have to say.

    The host have manage to somehow enable the full WAF with the only line again:

    php_value auto_prepend_file /home/site/public_html/wp-content/nfwlog/ninjafirewall.php

    Now how can we confirm if the full WAF is really enabled and working?

    Plugin Author nintechnet

    (@nintechnet)

    Did you check in the “NinjaFirewall > Dashboard” page? This is the page to check when looking for errors, warnings or problems.

    There are no errors, warnings or problems on the “NinjaFirewall > Dashboard” page.

Viewing 15 replies - 1 through 15 (of 18 total)
  • You must be logged in to reply to this topic.